1. Field of the Invention
The present invention relates to encryption and mechanisms for screening data. More specifically, the present invention relates to a method and an apparatus for performing content screening on data that is protected by end-to-end encryption.
2. Related Art
The advent of computer networks has led to an explosion in the development of applications, such as electronic mail, that facilitate rapid dissemination of information between computer systems across computer networks.
One problem with sending information across computer networks is that it is hard to ensure that sensitive information is kept confidential. This is because a message containing sensitive information can potentially traverse many different computer networks and many different computer systems before it arrives at its ultimate destination. An adversary can potentially intercept a message at any of these intermediate points along the way.
One way to remedy this problem is to xe2x80x9cencryptxe2x80x9d sensitive data using an encryption key so that only someone who possesses a corresponding decryption key can decrypt the data. (Note that for commonly used symmetric encryption mechanisms the encryption key and the decryption key are the same key.) For example, a person sending sensitive data across a computer network can encrypt the sensitive data using the encryption key before it is sent across a computer network. At the other end, the recipient of the data can use the corresponding decryption key to decrypt the data.
Another problem with transferring data across a computer network is that it is hard to ensure that data which is received from the computer network is harmless. For example, the data may contain a computer virus, which can harm a computer system, or the data may contain information that violates a company policy.
In order to remedy this problem, communications entering a protected group of computer systems can be channeled through a xe2x80x9cfirewall.xe2x80x9d This allows the firewall to perform xe2x80x9ccontent screeningxe2x80x9d in order to filter out harmful or unwanted communications from entering the protected group of computer systems.
Unfortunately, the use of a firewall can interfere with encryption. The most secure method of encryption is xe2x80x9cend-to-end.xe2x80x9d End-to-end encryption typically entails setting up an encrypted xe2x80x9ctunnelxe2x80x9d between processes on different computer systems in order to allow the processes to communicate with each other. All communications passing through the tunnel are encrypted using a session key, which is negotiated between the processes during initialization of the tunnel.
In order to perform content screening, existing systems terminate an encrypted tunnel at the firewall. This allows the firewall to perform the content screening, but -it does not provide end-to-end encryption for the communication.
Another solution is to perform the content screening after a message reaches a client computer system within the firewall. For example, virus scanners typically operate on a client computer system. Performing content screening on a client computer system makes it possible to provide end-to-end encryption. However, there are a number of drawbacks in doing so. (1) Content screeners (such as virus scanners) often require updating more frequently than a client system is likely to be updated. (2) Content screeners must often be explicitly activated by a user of the client computer system in order to screen the data. (3) Also, client computer systems within the firewall may not be completely trusted to enforce a content screening policy.
Hence, what is needed is a method and an apparatus for providing content screening in a system that provides end-to-end encryption without performing the content screening at a destination computer system.
One embodiment of the present invention provides a system that performs content screening on a message that is protected by end-to-end encryption. The system operates by receiving an encrypted message at a firewall from a source outside of the firewall, the encrypted message having been formed by encrypting the message with a message key. In order to restore the message, the system procures the message key and decrypts the encrypted message with the message key. Next, the system screens the message within the firewall to determine whether the message satisfies a screening criterion. If so, the system allows a destination within the firewall to process the message.
In one embodiment of the present invention, procuring the message key includes allowing the source and the destination to negotiate the message key, which is then sent to the firewall. In a variation on this embodiment, the system additionally allows the source and the destination to negotiate a security association, which is also sent to the firewall. This security association identifies a specific communication session between the source and the destination to be protected by the message key.
In one embodiment of the present invention, the firewall procures the message key by receiving an encrypted message key along with the encrypted message, the encrypted message key having been formed by encrypting the message key. Next, the firewall sends the encrypted message key to the destination, and allows the destination to decrypt the encrypted message key to restore the message key. Finally, the destination returns the message key to the firewall so that the firewall can decrypt the message.
In one embodiment of the present invention, screening the message can include, screening the message for a virus, screening the message in order to detect a policy violation within the message, and screening the message to detect keywords of interest in the message.
In one embodiment of the present invention, allowing the destination to process the message involves notifying the destination that the message satisfies the screening criterion.
In one embodiment of the present invention, allowing the destination to process the message involves forwarding the message to the destination in a secure manner. Forwarding the message to the destination in the secure manner can be accomplished by: forwarding the message to the destination in the clear under protection of the firewall; encrypting the message with a destination public key belonging to the destination prior to forwarding the message; or encrypting the message with a secret key known to the destination prior to forwarding the message.